Umbraco-CMS/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringHandler.cs
Nikolaj Geisle e762fa91bc V10: fix build warnings in Web.BackOffice (#12479)
* Run code cleanup

* Start manual run

* Finish dotnet format + manual cleanup

* Fix up after merge

* Fix substrings changed to [..]

Co-authored-by: Nikolaj Geisle <niko737@edu.ucl.dk>
Co-authored-by: Zeegaan <nge@umbraco.dk>
2022-06-20 08:37:17 +02:00


// Copyright (c) Umbraco.
// See LICENSE for more details.
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;
using Umbraco.Cms.Core.Models;
using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Core.Services;
namespace Umbraco.Cms.Web.BackOffice.Authorization;
/// <summary>
///     Authorization handler that verifies the current back-office user holds the required permission on a content
///     node whose id comes either from the requirement itself or from a named query string parameter.
/// </summary>
/// <remarks>
///     <para>
///         This handler fails open whenever it cannot determine a node id: if there is no HTTP context, the
///         requirement names no query string parameter, the parameter is absent from the request, or its value does
///         not parse as a node id, the requirement is reported as satisfied. Endpoints protected by this handler
///         therefore need the action to read the id from the same query string key, and should not treat a
///         succeeded requirement as proof that a permission check actually ran.
///     </para>
///     <para>
///         Only <see cref="ContentPermissions.ContentAccess.Denied" /> fails the requirement; every other result of
///         the permission check is treated as success.
///     </para>
/// </remarks>
public class ContentPermissionsQueryStringHandler
    : PermissionsQueryStringHandler<ContentPermissionsQueryStringRequirement>
{
    private readonly ContentPermissions _contentPermissions;

    /// <summary>
    ///     Initializes a new instance of the <see cref="ContentPermissionsQueryStringHandler" /> class.
    /// </summary>
    /// <param name="backOfficeSecurityAccessor">Gives access to the back-office security context of the request.</param>
    /// <param name="httpContextAccessor">Gives access to the HTTP context of the current request.</param>
    /// <param name="entityService">Entity service handed on to the base handler.</param>
    /// <param name="contentPermissions">Helper that performs the content permission check.</param>
    public ContentPermissionsQueryStringHandler(
        IBackOfficeSecurityAccessor backOfficeSecurityAccessor,
        IHttpContextAccessor httpContextAccessor,
        IEntityService entityService,
        ContentPermissions contentPermissions)
        : base(backOfficeSecurityAccessor, httpContextAccessor, entityService)
    {
        _contentPermissions = contentPermissions;
    }

    /// <inheritdoc />
    protected override Task<bool> IsAuthorized(AuthorizationHandlerContext context, ContentPermissionsQueryStringRequirement requirement)
    {
        int nodeId;
        if (requirement.NodeId.HasValue)
        {
            // An id fixed on the requirement takes precedence over anything in the request.
            nodeId = requirement.NodeId.Value;
        }
        else
        {
            HttpContext? requestContext = HttpContextAccessor.HttpContext;
            if (requestContext is null || requirement.QueryStringName is null)
            {
                // Nothing to read the id from: the requirement is deliberately reported as satisfied (fail-open).
                return Task.FromResult(true);
            }

            if (!requestContext.Request.Query.TryGetValue(requirement.QueryStringName, out StringValues rawValue))
            {
                // Parameter not present in the query string: fail-open, same as above.
                return Task.FromResult(true);
            }

            // StringValues.ToString() joins a repeated parameter into one comma-separated string. Whether such a
            // value parses is decided by TryParseNodeId, which is inherited and not visible in this file.
            if (!TryParseNodeId(rawValue.ToString(), out nodeId))
            {
                // Unparsable id: fail-open. No permission check is performed for this request.
                return Task.FromResult(true);
            }
        }

        // NOTE(review): CurrentUser may be null here (null-conditional access); how CheckPermissions treats a
        // null user is not visible in this file -- confirm it denies rather than grants.
        ContentPermissions.ContentAccess accessResult = _contentPermissions.CheckPermissions(
            nodeId,
            BackOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser,
            out IContent? resolvedContent,
            new[] { requirement.PermissionToCheck });

        if (HttpContextAccessor.HttpContext is { } currentContext && resolvedContent is not null)
        {
            // Cache the resolved item on the request so the controller can reuse it instead of loading it again.
            currentContext.Items[typeof(IContent).ToString()] = resolvedContent;
        }

        // Only an explicit Denied blocks the request; any other outcome satisfies the requirement.
        bool isAllowed = accessResult != ContentPermissions.ContentAccess.Denied;
        return Task.FromResult(isAllowed);
    }
}